diff --git a/CHANGELOG b/CHANGELOG index 47987f7f81..3fbcd9e32c 100755 --- a/CHANGELOG +++ b/CHANGELOG 
@@ -1,6 +1,168 @@ +v1.5.0 (XXXX-XX-XX) +------------------- + +* added SHORTEST_PATH AQL function + + this calculates the shortest paths between two vertices, using the Dijkstra + algorithm, employing a min-heap + + By default, ArangoDB does not know the distance between any two vertices and + will use a default distance of 1. A custom distance function can be registered + as an AQL user function to make the distance calculation use any document + attributes or custom logic: + + RETURN SHORTEST_PATH(cities, motorways, "cities/CGN", "cities/MUC", "outbound", { + paths: true, + distance: "myfunctions::citydistance" + }) + + // using the following custom distance function + var aqlfunctions = require("org/arangodb/aql/functions"); + aqlfunctions.register("myfunctions::distance", function (config, vertex1, vertex2, edge) { + return Math.sqrt(Math.pow(vertex1.x - vertex2.x) + Math.pow(vertex1.y - vertex2.y)); + }, false); + +* issue #751: Create database through API should return HTTP status code 201 + + By default, the server now returns HTTP 201 (created) when creating a new + database successfully. To keep compatibility with older ArangoDB versions, the + startup parameter `--server.default-api-compatibility` can be set to a value + of `10400` to indicate API compatibility with ArangoDB 1.4. The compatibility + can also be enforced by setting the `X-Arango-Version` HTTP header in a + client request to this API on a per-request basis. + +* allow direct access from the `db` object to collections whose names start + with an underscore (e.g. db._users). + + Previously, access to such collections via the `db` object was possible from + arangosh, but not from arangod (and thus Foxx and actions). The only way + to access such collections from these places was via the `db._collection()` + workaround. + +* allow `\n` (as well as `\r\n`) as line terminator in batch requests sent to + `/_api/batch` HTTP API. 
+ +* use `--data-binary` instead of `--data` parameter in generated cURL examples + +* issue #703: Also show path of logfile for fm.config() + +* issue #675: Dropping a collection used in "graph" module breaks the graph + +* added "static" Graph.drop() method for graphs API + +* fixed issue #695: arangosh server.password error + +* use pretty-printing in `--console` mode by defaul + +* added `check-server` binary for testing + +* simplified ArangoDB startup options + + Some startup options are now superfluous or their usage is simplified. The + following options have been changed: + + * `--javascript.modules-path`: this option has been removed. The modules paths + are determined by arangod and arangosh automatically based on the value of + `--javascript.startup-directory`. + + If the option is set on startup, it is ignored so startup will not abort with + an error `unrecognized option`. + + * `--javascript.action-directory`: this option has been removed. The actions + directory is determined by arangod automatically based on the value of + `--javascript.startup-directory`. + + If the option is set on startup, it is ignored so startup will not abort with + an error `unrecognized option`. + + * `--javascript.package-path`: this option is still available but it is not + required anymore to set the standard package paths (e.g. `js/npm`). arangod + will automatically use this standard package path regardless of whether it + was specified via the options. + + It is possible to use this option to add additional package paths to the + standard value. + + Configuration files included with arangod are adjusted accordingly. + +* layout of the graphs tab adapted to better fit with the other tabs + +* database selection is moved to the bottom right corner of the web interface + +* removed priority queues + + this feature was never advertised nor documented nor tested. 
+ +* display internal attributes in document source view of web interface + +* removed separate shape collections + + When upgrading to ArangoDB 1.5, existing collections will be converted to include + shapes and attribute markers in the datafiles instead of using separate files for + shapes. + + When a collection is converted, existing shapes from the SHAPES directory will + be written to a new datafile in the collection directory, and the SHAPES directory + will be removed afterwards. + + This saves up to 2 MB of memory and disk space for each collection + (savings are higher, the less different shapes there are in a collection). + Additionally, one less file descriptor per opened collection will be used. + + When creating a new collection, the amount of sync calls may be reduced. The same + may be true for documents with yet-unknown shapes. This may help performance + in these cases. + +* added AQL functions `NTH` and `POSITION` + +* added signal handler for arangosh to save last command in more cases + +* added extra prompt placeholders for arangosh: + - `%e`: current endpoint + - `%u`: current user + +* added arangosh option `--javascript.gc-interval` to control amount of + garbage collection performed by arangosh + +* fixed issue #651: Allow addEdge() to take vertex ids in the JS library + +* removed command-line option `--log.format` + + In previous versions, this option did not have an effect for most log messages, so + it got removed. + +* removed C++ logger implementation + + Logging inside ArangoDB is now done using the LOG_XXX() macros. The LOGGER_XXX() + macros are gone. + +* added collection status "loading" + +* added the option to return the number of elements indexed to the + result of .getIndexes() for each index. This is + currently only implemented for hash indices and skiplist indices. 
+ + v1.4.9 (XXXX-XX-XX) ------------------- +* added command-line option `--server.disable-authentication-unix-sockets` + + with this option, authentication can be disabled for all requests coming + in via UNIX domain sockets, enabling clients located on the same host as + the ArangoDB server to connect without authentication. + Other connections (e.g. TCP/IP) are not affected by this option. + + The default value for this option is `false`. + Note: this option is only supported on platforms that support Unix domain + sockets. + +* fail if invalid `strategy`, `order` or `itemOrder` attribute values + are passed to the AQL TRAVERSAL function. Omitting these attributes + is not considered an error, but specifying an invalid value for any + of these attributes will make an AQL query fail. + + * call global arangod instance destructor on shutdown * issue #755: TRAVERSAL does not use strategy, order and itemOrder options diff --git a/Documentation/UserManual/CommandLine.md b/Documentation/UserManual/CommandLine.md index 907d353991..3d5b3dd63c 100644 --- a/Documentation/UserManual/CommandLine.md +++ b/Documentation/UserManual/CommandLine.md @@ -107,6 +107,10 @@ Command-Line Options for arangod {#CommandLineArangod} @anchor CommandLineArangoDisableAuthentication @copydetails triagens::arango::ArangoServer::_disableAuthentication +@CLEARPAGE +@anchor CommandLineArangoDisableAuthenticationUnixSockets +@copydetails triagens::arango::ArangoServer::_disableAuthenticationUnixSockets + @CLEARPAGE @anchor CommandLineArangoAuthenticateSystemOnly @copydetails triagens::arango::ArangoServer::_authenticateSystemOnly diff --git a/Documentation/UserManual/CommandLineTOC.md b/Documentation/UserManual/CommandLineTOC.md index 52551281f4..4f52443e91 100644 --- a/Documentation/UserManual/CommandLineTOC.md +++ b/Documentation/UserManual/CommandLineTOC.md 
@@ -18,6 +18,7 @@ TOC {#CommandLineTOC} - @ref CommandLineConsole "console" - @ref CommandLineArangoEndpoint "server.endpoint" - @ref CommandLineArangoDisableAuthentication "server.disable-authentication" + - @ref CommandLineArangoDisableAuthenticationUnixSockets "server.disable-authentication-unix-sockets" - @ref CommandLineArangoAuthenticateSystemOnly "server.authenticate-system-only" - @ref CommandLineArangoKeepAliveTimeout "server.keep-alive-timeout" - @ref CommandLineArangoDefaultApiCompatibility "server.default-api-compatibility" diff --git a/arangod/RestServer/ArangoServer.cpp b/arangod/RestServer/ArangoServer.cpp index a98579e9ef..d824b3a51f 100644 --- a/arangod/RestServer/ArangoServer.cpp +++ b/arangod/RestServer/ArangoServer.cpp @@ -266,6 +266,7 @@ ArangoServer::ArangoServer (int argc, char** argv) _applicationV8(0), _authenticateSystemOnly(false), _disableAuthentication(false), + _disableAuthenticationUnixSockets(false), _dispatcherThreads(8), _dispatcherQueueSize(8192), _databasePath(), @@ -507,6 +508,9 @@ void ArangoServer::buildApplicationServer () { additional[ApplicationServer::OPTIONS_SERVER + ":help-admin"] ("server.authenticate-system-only", &_authenticateSystemOnly, "use HTTP authentication only for requests to /_api and /_admin") ("server.disable-authentication", &_disableAuthentication, "disable authentication for ALL client requests") +#ifdef TRI_HAVE_LINUX_SOCKETS + ("server.disable-authentication-unix-sockets", &_disableAuthenticationUnixSockets, "disable authentication for requests via UNIX domain sockets") +#endif ("server.disable-replication-logger", &_disableReplicationLogger, "start with replication logger turned off") ("server.disable-replication-applier", &_disableReplicationApplier, "start with replication applier turned off") ; 
@@ -1240,14 +1244,15 @@ void ArangoServer::openDatabases () { TRI_vocbase_defaults_t defaults; // override with command-line options - defaults.defaultMaximalSize = _defaultMaximalSize; - defaults.removeOnDrop = _removeOnDrop; - defaults.removeOnCompacted = _removeOnCompacted; - defaults.defaultWaitForSync = _defaultWaitForSync; - defaults.forceSyncShapes = _forceSyncShapes; - defaults.forceSyncProperties = _forceSyncProperties; - defaults.requireAuthentication = ! _disableAuthentication; - defaults.authenticateSystemOnly = _authenticateSystemOnly; + defaults.defaultMaximalSize = _defaultMaximalSize; + defaults.removeOnDrop = _removeOnDrop; + defaults.removeOnCompacted = _removeOnCompacted; + defaults.defaultWaitForSync = _defaultWaitForSync; + defaults.forceSyncShapes = _forceSyncShapes; + defaults.forceSyncProperties = _forceSyncProperties; + defaults.requireAuthentication = ! _disableAuthentication; + defaults.requireAuthenticationUnixSockets = ! _disableAuthenticationUnixSockets; + defaults.authenticateSystemOnly = _authenticateSystemOnly; assert(_server != 0); diff --git a/arangod/RestServer/ArangoServer.h b/arangod/RestServer/ArangoServer.h index 0c22cbed21..2a734abb5d 100644 --- a/arangod/RestServer/ArangoServer.h +++ b/arangod/RestServer/ArangoServer.h 
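Review bot: Nothing in this commit records that authentication has been switched off for UNIX domain sockets; `defaults.requireAuthenticationUnixSockets = ! _disableAuthenticationUnixSockets;` in openDatabases() applies the flag silently. A warning-level log line at startup when `_disableAuthenticationUnixSockets` is true would give operators and later incident reviews a trace that local connections were accepted unauthenticated. The assignment is also compiled on platforms where the option is not registered, because it sits outside the `#ifdef TRI_HAVE_LINUX_SOCKETS` guard used in buildApplicationServer(); that is harmless while the member defaults to false, but worth a short comment. openDatabases() continues outside the hunk.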
@@ -262,6 +262,26 @@ namespace triagens { bool _disableAuthentication; +//////////////////////////////////////////////////////////////////////////////// +/// @brief disable authentication for requests via UNIX domain sockets +/// +/// @CMDOPT{\--server.disable-authentication-unix-sockets @CA{value}} +/// +/// Setting @CA{value} to true will turn off authentication on the server side +/// for requests coming in via UNIX domain sockets. With this flag enabled, +/// clients located on the same host as the ArangoDB server can use UNIX domain +/// sockets to connect to the server without authentication. +/// Requests coming in by other means (e.g. TCP/IP) are not affected by this +/// option. +/// +/// The default value is @LIT{false}. +/// +/// Note: this option is only available on platforms that support UNIX domain +/// sockets. +//////////////////////////////////////////////////////////////////////////////// + + bool _disableAuthenticationUnixSockets; + //////////////////////////////////////////////////////////////////////////////// /// @brief number of dispatcher threads for non-database worker /// diff --git a/arangod/RestServer/VocbaseContext.cpp b/arangod/RestServer/VocbaseContext.cpp index 09dccb22a1..a1f7484056 100644 --- a/arangod/RestServer/VocbaseContext.cpp +++ b/arangod/RestServer/VocbaseContext.cpp @@ -30,6 +30,7 @@ #include "BasicsC/common.h" #include "BasicsC/logging.h" #include "BasicsC/tri-strings.h" +#include "Rest/ConnectionInfo.h" #include "VocBase/auth.h" #include "VocBase/server.h" #include "VocBase/vocbase.h" 
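Review bot: The option text for `_disableAuthenticationUnixSockets` does not say what still limits access once the flag is set. The filesystem permissions on the socket path become the only control, and every local account that can open the socket reaches the server unauthenticated. I would add a sentence such as `/// With this option enabled, access is limited only by the file system permissions of the socket; restrict them to the accounts that should reach the server.` It would also help to state that the exemption covers all request paths, since the check added to VocbaseContext::authenticate() returns before the `authenticateSystemOnly` branch.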
@@ -101,6 +102,18 @@ HttpResponse::HttpResponseCode VocbaseContext::authenticate () { return HttpResponse::OK; } +#ifdef TRI_HAVE_LINUX_SOCKETS + // check if we need to run authentication for this type of + // endpoint + ConnectionInfo const& ci = _request->connectionInfo(); + + if (ci.endpointType == Endpoint::DOMAIN_UNIX && + ! _vocbase->_settings.requireAuthenticationUnixSockets) { + // no authentication required for unix socket domain connections + return HttpResponse::OK; + } +#endif + if (_vocbase->_settings.authenticateSystemOnly) { // authentication required, but only for /_api, /_admin etc. const char* path = _request->requestPath(); diff --git a/arangod/V8Server/v8-vocbase.cpp b/arangod/V8Server/v8-vocbase.cpp index f63d85f6ee..4f481aee17 100644 --- a/arangod/V8Server/v8-vocbase.cpp +++ b/arangod/V8Server/v8-vocbase.cpp @@ -7992,6 +7992,7 @@ static v8::Handle JS_CreateDatabase (v8::Arguments const& argv) { v8::Local keyForceSyncShapes = v8::String::New("forceSyncShapes"); v8::Local keyForceSyncProperties = v8::String::New("forceSyncProperties"); v8::Local keyRequireAuthentication = v8::String::New("requireAuthentication"); + v8::Local keyRequireAuthenticationUnixSockets = v8::String::New("requireAuthenticationUnixSockets"); v8::Local keyAuthenticateSystemOnly = v8::String::New("authenticateSystemOnly"); // overwrite database defaults from argv[2] @@ -8025,6 +8026,10 @@ static v8::Handle JS_CreateDatabase (v8::Arguments const& argv) { if (options->Has(keyRequireAuthentication)) { defaults.requireAuthentication = options->Get(keyRequireAuthentication)->BooleanValue(); } + + if (options->Has(keyRequireAuthenticationUnixSockets)) { + defaults.requireAuthenticationUnixSockets = options->Get(keyRequireAuthenticationUnixSockets)->BooleanValue(); + } if (options->Has(keyAuthenticateSystemOnly)) { defaults.authenticateSystemOnly = options->Get(keyAuthenticateSystemOnly)->BooleanValue(); 
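Review bot: The early return added to authenticate() trusts `ci.endpointType`, and the comment above it does not say where that value comes from or why relying on it is safe. In this commit the field is written only in ListenTask::handleEvent() from the listening endpoint, and ConnectionInfo initialises it to `Endpoint::DOMAIN_UNKNOWN`, so a connection that was never tagged still goes through authentication. A comment should pin that invariant down, e.g. `// endpointType is set by the listener, never from request data; DOMAIN_UNKNOWN must keep authentication on`. authenticate() starts and ends outside the hunk.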
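Review bot: `options->Get(keyRequireAuthenticationUnixSockets)->BooleanValue()` coerces any JavaScript value, so an options object carrying the key with `null`, `undefined`, `0` or an empty string sets `defaults.requireAuthenticationUnixSockets` to false and turns authentication off for UNIX socket connections to that database. TRI_FromJsonVocBaseDefaults() in this commit accepts the value only when it is a JSON boolean; the same strictness here would be `if (options->Has(keyRequireAuthenticationUnixSockets) && options->Get(keyRequireAuthenticationUnixSockets)->IsBoolean()) {`. The neighbouring `requireAuthentication` branch has the same coercion. JS_CreateDatabase() continues outside the hunk.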
diff --git a/arangod/VocBase/vocbase-defaults.c b/arangod/VocBase/vocbase-defaults.c index 0f0c631b10..eb67e65526 100644 --- a/arangod/VocBase/vocbase-defaults.c +++ b/arangod/VocBase/vocbase-defaults.c @@ -44,14 +44,15 @@ void TRI_ApplyVocBaseDefaults (TRI_vocbase_t* vocbase, TRI_vocbase_defaults_t const* defaults) { - vocbase->_settings.defaultMaximalSize = defaults->defaultMaximalSize; - vocbase->_settings.removeOnDrop = defaults->removeOnDrop; - vocbase->_settings.removeOnCompacted = defaults->removeOnCompacted; - vocbase->_settings.defaultWaitForSync = defaults->defaultWaitForSync; - vocbase->_settings.forceSyncShapes = defaults->forceSyncShapes; - vocbase->_settings.forceSyncProperties = defaults->forceSyncProperties; - vocbase->_settings.requireAuthentication = defaults->requireAuthentication; - vocbase->_settings.authenticateSystemOnly = defaults->authenticateSystemOnly; + vocbase->_settings.defaultMaximalSize = defaults->defaultMaximalSize; + vocbase->_settings.removeOnDrop = defaults->removeOnDrop; + vocbase->_settings.removeOnCompacted = defaults->removeOnCompacted; + vocbase->_settings.defaultWaitForSync = defaults->defaultWaitForSync; + vocbase->_settings.forceSyncShapes = defaults->forceSyncShapes; + vocbase->_settings.forceSyncProperties = defaults->forceSyncProperties; + vocbase->_settings.requireAuthentication = defaults->requireAuthentication; + vocbase->_settings.requireAuthenticationUnixSockets = defaults->requireAuthenticationUnixSockets; + vocbase->_settings.authenticateSystemOnly = defaults->authenticateSystemOnly; } //////////////////////////////////////////////////////////////////////////////// 
@@ -74,6 +75,7 @@ TRI_json_t* TRI_JsonVocBaseDefaults (TRI_memory_zone_t* zone, TRI_Insert3ArrayJson(zone, json, "forceSyncShapes", TRI_CreateBooleanJson(zone, defaults->forceSyncShapes)); TRI_Insert3ArrayJson(zone, json, "forceSyncProperties", TRI_CreateBooleanJson(zone, defaults->forceSyncProperties)); TRI_Insert3ArrayJson(zone, json, "requireAuthentication", TRI_CreateBooleanJson(zone, defaults->requireAuthentication)); + TRI_Insert3ArrayJson(zone, json, "requireAuthenticationUnixSockets", TRI_CreateBooleanJson(zone, defaults->requireAuthenticationUnixSockets)); TRI_Insert3ArrayJson(zone, json, "authenticateSystemOnly", TRI_CreateBooleanJson(zone, defaults->authenticateSystemOnly)); TRI_Insert3ArrayJson(zone, json, "defaultMaximalSize", TRI_CreateNumberJson(zone, (double) defaults->defaultMaximalSize)); @@ -128,6 +130,12 @@ void TRI_FromJsonVocBaseDefaults (TRI_vocbase_defaults_t* defaults, defaults->requireAuthentication = optionJson->_value._boolean; } + optionJson = TRI_LookupArrayJson(json, "requireAuthenticationUnixSockets"); + + if (TRI_IsBooleanJson(optionJson)) { + defaults->requireAuthenticationUnixSockets = optionJson->_value._boolean; + } + optionJson = TRI_LookupArrayJson(json, "authenticateSystemOnly"); if (TRI_IsBooleanJson(optionJson)) { diff --git a/arangod/VocBase/vocbase-defaults.h b/arangod/VocBase/vocbase-defaults.h index 013bb44a91..461f656c7c 100644 --- a/arangod/VocBase/vocbase-defaults.h +++ b/arangod/VocBase/vocbase-defaults.h @@ -59,6 +59,7 @@ typedef struct TRI_vocbase_defaults_s { bool forceSyncShapes; bool forceSyncProperties; bool requireAuthentication; + bool requireAuthenticationUnixSockets; bool authenticateSystemOnly; } TRI_vocbase_defaults_t; diff --git a/lib/Rest/ConnectionInfo.h b/lib/Rest/ConnectionInfo.h index 6338b657ef..12e8559d1d 100644 --- a/lib/Rest/ConnectionInfo.h +++ b/lib/Rest/ConnectionInfo.h 
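Review bot: When the JSON has no boolean `requireAuthenticationUnixSockets` entry, as is presumably the case for database parameters written before this change, TRI_FromJsonVocBaseDefaults() leaves `defaults->requireAuthenticationUnixSockets` untouched. The hunk does not show how callers initialise the struct, so it is worth confirming that every `TRI_vocbase_defaults_t` is filled before this call; an indeterminate or zeroed field would read as "authentication not required" in VocbaseContext::authenticate(). A comment on the new member in vocbase-defaults.h, e.g. `// false disables authentication on UNIX domain sockets; must be initialised explicitly`, would make the fail-open value visible. The function continues outside the hunk.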
@@ -32,6 +32,7 @@ #include "Basics/Common.h" #include "Basics/StringUtils.h" +#include "Rest/Endpoint.h" namespace triagens { namespace rest { @@ -48,6 +49,7 @@ namespace triagens { serverAddress(), clientAddress(), endpoint(), + endpointType(Endpoint::DOMAIN_UNKNOWN), sslContext(0) { } @@ -57,6 +59,7 @@ namespace triagens { serverAddress(that.serverAddress), clientAddress(that.clientAddress), endpoint(that.endpoint), + endpointType(that.endpointType), sslContext(that.sslContext) { } @@ -67,6 +70,7 @@ namespace triagens { serverAddress = that.serverAddress; clientAddress = that.clientAddress; endpoint = that.endpoint; + endpointType = that.endpointType; sslContext = that.sslContext; } @@ -81,6 +85,7 @@ namespace triagens { string serverAddress; string clientAddress; string endpoint; + Endpoint::DomainType endpointType; void* sslContext; }; diff --git a/lib/Scheduler/ListenTask.cpp b/lib/Scheduler/ListenTask.cpp index f3cb7bea55..ab3e7184c7 100644 --- a/lib/Scheduler/ListenTask.cpp +++ b/lib/Scheduler/ListenTask.cpp @@ -232,6 +232,7 @@ bool ListenTask::handleEvent (EventToken token, EventType revents) { info.serverAddress = _endpoint->getHost(); info.serverPort = _endpoint->getPort(); info.endpoint = _endpoint->getSpecification(); + info.endpointType = _endpoint->getDomainType(); return handleConnected(connectionSocket, info); }